Social Engineering 101

[acevic]

I am not sure as to whether the lectures are still active or that there is a lack of presenters so I will try my luck through this thread. I have read through Monica's (old) thread on lectures and it linked to this forum.

I fully understand the risks of practically carrying out the methods below. This lecture is for a better understanding of how a hacker can penetrate even through the strongest security systems without much technical skill. This lecture should provide a learner with a better understanding of how easily the human mind can be exploited and what to look out for. Even the most advanced of security experts are vulnerable to psychological attacks which may lead to major IT security breaches.

I am not trying to imply that I know "sure" ways of how to get through a person. The human mind is very unpredictable and that cannot be emphasized enough. The best bet is to analyze the mentality and use your own educated judgement in order to predict the probability of the results.

The following, are the topics (not limited to and not in sequence) I'd like to cover:

Social engineering (introduction)- Hacking the weakest link in security
On-screen psychology (spoofing your identity via the way you type, spoofing your online personality)
Psychological pattern analysis (spotting out vulnerabilities in the emotions and mindset of the target)
Psychological prediction and intuition (analysis of the probabilities of what the result of your stimuli may be)
Identity theft and identity spoofing (spoofing e-mail identities, web sites, social network accounts and administrative identities)
Lying: How to lie and sell it
Off-screen psychology (spoofing your identity in person)
Bluff interrogation & reverse interrogation
Recon and surveillance of public records and how to interpret them
"Confusion is bliss!" (blending lies with the truth)
"Hey! I know you!" (becoming friends before even talking to the person)
Emotion: The bug without a fix
Reverse social engineering

My background: I am ex-military (used to work for an anti piracy unit for software and music...have a bit of know how on military intelligence), a computer enthusiast (I know a bit of web coding here and there), a businessman (current profession) and a prospective professional penetration tester (working on it).

Experience related to social engineering: I have worked with various online watchdogs (not specified for obvious reasons) and I enjoy baiting myself to social engineers and trolling them for weeks until I flame them and report them. As for off-screen social engineering, I have had to take up various identities and deceive a lot of people during my military employment for pirate raids. Other than relevant hands-on experience, I have read through a lot of related books and web resources.

If this lecture gets approved, I would like to invite anyone else who is interested in presenting with me. The lecture will be audio based.


Thank you for your time,
Ace

[Goatboy]

Approved. Lectures are pretty dead at the moment. Give us a bit to get the details in order, then we'll contact you.

[acevic]

Approved. Lectures are pretty dead at the moment. Give us a bit to get the details in order, then we'll contact you.

Thank you. I would like to add that comments and constructive criticism on the lecture idea are welcome. Please let me know if anything is wrong or missing and I will do my best to cover it.

I have never previously attended an HTS lecture. So please excuse me if I ask a bit too much about how you carry them out.

[Slahd]

Well, I see that this will be an enjoyable lecture. I actually would like to see more on the science of Social Engineering. I approve of this and will most likely attend. Have we got the date & time yet?

S

[acevic]

I'm not sure, I am waiting for Goatboy's green signal.
I don't want this to be a solo presentation though. I would prefer it if some members added to the presentation with their unique views. Social engineering is a science unique to it's individual subject regardless of pattern study. The more views and experiences we discuss, the better. For example, I have seen from the social engineering forum, that Goatboy has come across multiple 419 scams, such as the Nigerian e-mails. Even though that is a common scenario, I'm sure we all have faced different scenarios at some point of time. I have experience in professional social engineering from recon and raid operations during my military service. Using all our experiences, I believe we can make a very dynamic and informative lecture from which we will be covering the most possible on social engineering.

[Goatboy]

It's not so much my approval as it is generating interest. Pick a time and date, post it here, then advertise on IRC.

[conscience]

Any chance of you releasing some docs about it too?

I'm pretty unsure whether I can participate your lecture or not. Judging by your introduction above, it'll be nice to see some writings sharing it's quality and attractiveness. And, of course, I'm interested in social enginerring too, which I don't really have a clue about as all the quality documents on this topic seem to hide when I come to searching for them.

[acevic]

@Goatboy, In that case let's give it some more time, maybe say 72 hours to see how popular it gets.

@Conscience, Thank you for your interest. I have drafted out a lecture on paper and I will refine it into something decent to read. It's better that we use a combination or reading material, a small presentation and audio in order to deliver the message thoroughly. Everything will be recorded and posted to HTS for those who cannot attend it. I still highly recommend that you do try to attend it as I will allow a Q/A session, a discussion and an interactive workshop after the lecture.

[conscience]

Glad to enjoy the fruit of your perfectionism

I'll try being present as hard as I can of course. Chances are, however, that I still will not be able to get the audio part (Except recording it) as I'm currently not working at home and may disturb others - I'd be ashamed to disrespect them. Anyways I'll take all possibilities to get involved as much as possible.

[JoeyPardella]

I just want to express my interest here, because lately I wasn't on IRC much.

also I'd like to suggest a weekend for a date, so that people like me, living in europe (or not in the US in general), can attend this lecture.